NEW YORK — CVS said Friday investigators have confirmed that the company that manages its photo website was hacked this summer, possibly resulting in the theft of some CVS customer information.

The photo website of the nation’s second-largest drugstore chain has been shut down since July after the breach was detected. The photo sites of Rite Aid, Costco and Wal-Mart Canada also were affected in the breach.

CVS Health Corp. said it started contacting potentially-affected customers Friday. A spokesman for the Woonsocket, Rhode Island-based company wouldn’t say how many customers were being notified, or comment beyond the note to consumers posted on CVS’ photo website.

The company’s main CVS.com website, the computer system used by its pharmacies, its optical website and its MinuteClinic online bill pay site were not affected by the breach. Sales made in CVS stores also were not affected.

The Rite Aid and Wal-Mart Canada sites also remained down Friday afternoon, while the Costco site has restarted limited operations.

Staples Inc., the parent company of Canada-based PNI Digital Media, which manages all of the sites, says that based on its investigation so far, it appears that the hackers breached PNI’s computer systems and used malware to capture user information on the company’s servers.

But it says that there’s no sign that hackers accessed user photos or pin numbers.

“The company is working with outside security experts to determine the nature and scope of the incident, including what user data was impacted and the time period involved,” Staples’ statement read.

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

Related Stories
Latest Articles